53 Replies. 3 pages. Viewing page 1.
< Newer [ 1 2 3 ] Older >
 |
| 53. |
Re: Steam Breach Follow-up |
Feb 12, 2012, 20:14 |
Sepharo |
|
|
Flatline wrote on Feb 12, 2012, 20:11:
Sepharo wrote on Feb 11, 2012, 19:29:
zirik wrote on Feb 11, 2012, 19:21:
avianflu wrote on Feb 11, 2012, 12:55:
Why is no one bringing up the infamous breach at Valve were Gabe's office desktop was hacked with a worm that Gabe himself inadvertently installed and left running for months? Thereby causing the theft of HL2 before release. Not a good precedent for Valve.
thats what i was thinking earlier when i thought hl2 came out in 2005. the source code theft forced valve to delay the release to late nov 2004. i got my copy through a graphics card bundle but the steam card wasnt mailed to me until jan 2005.
Steam card? I got mine through the ATI bundle as well and I just typed the key into Steam and got the preload.
I think there were two ATI bundles. I literally waited over a year for HL2 to come out. The first bundle you had to get a mail in code or something to get your HL2 game. I remember there being silly hoops to jump through.
Mine was with the 9800xt and I remember it was long before the actual game came out, long enough that people weren't even sure the the codes would still be honored. Mine came with a card in the box that had a scratch off portion, I just typed that key into Steam when HL2 preloads were underway and then preloaded mine. |
|
|
|
|
|
|
|
|
| [I'm not trolling I'm just] tossing stuff like that in there only to get your panties all bunched up. -TrollinThundr |
|
|
|
|
| |
|
| 52. |
Re: Steam Breach Follow-up |
Feb 12, 2012, 20:11 |
Flatline |
|
|
Sepharo wrote on Feb 11, 2012, 19:29:
zirik wrote on Feb 11, 2012, 19:21:
avianflu wrote on Feb 11, 2012, 12:55:
Why is no one bringing up the infamous breach at Valve were Gabe's office desktop was hacked with a worm that Gabe himself inadvertently installed and left running for months? Thereby causing the theft of HL2 before release. Not a good precedent for Valve.
thats what i was thinking earlier when i thought hl2 came out in 2005. the source code theft forced valve to delay the release to late nov 2004. i got my copy through a graphics card bundle but the steam card wasnt mailed to me until jan 2005.
Steam card? I got mine through the ATI bundle as well and I just typed the key into Steam and got the preload.
I think there were two ATI bundles. I literally waited over a year for HL2 to come out. The first bundle you had to get a mail in code or something to get your HL2 game. I remember there being silly hoops to jump through. |
|
|
|
|
|
|
|
| |
|
| 51. |
Re: jtw321@gmail.com |
Feb 12, 2012, 20:09 |
Flatline |
|
|
Mashiki Amiketo wrote on Feb 11, 2012, 07:08:
Flatline wrote on Feb 11, 2012, 03:23:
Dude, this breach happened THREE YEARS AGO and they just "found out about it" in the recent past. Which is, to put it mildly, a cock-up of epic proportions. Wait did someone mention that you missed the part where this was already stored data, and it wasn't "three years ago" but rather from the same breech. Sometimes I think this is why it would be better if they simply didn't report things like this. People see earlier dates, jump on their asses, flail about, scream, that the sky is falling. When in fact, they've simply missed read it.
What you're saying and what the email from valve said are totally different. So let me post the full email:
If you have accessed your Steam account since November 10, 2011 you know that we had a network intrusion. We learned about this intrusion when the Steam forums were defaced on November 6. Since then our investigation of this intrusion has continued with the help of outside security experts. We now have additional information we would like to share with you. We are providing this information to you in this formal way because it might be required by your state's law.
We've recently learned that it is probable that in 2009 the intruders obtained a copy of a database with information about Steam transactions between 2004 and 2008. This database contained user names, email addresses, encrypted billing addresses and encrypted credit card information. We do not have any evidence that the encryption on credit card numbers and billing addresses has been compromised. We are still investigating and working with the Seattle FBI office.
We don't have evidence of credit card misuse. Nonetheless, you should watch your credit card activity and statements closely.
Now. I bolded my original quote. There are two intrusions mentioned in this email. One in 2011, one in 2009.
They announced that they *just* determined that in 2009 the salted hashes and other data was stolen. This is in addition to anything they discovered from the 2011 attack or the original "investigation" of the 2009 attack (if they even investigated it).
My criticism is that it took 3 years for them to determine the real damage of the 2009 intrusion. And apparently they only realized this because of the 2011 intrusion. That's pretty sloppy work. I have to ask what else have they missed? |
|
|
|
|
|
|
|
| |
|
| 50. |
Re: Steam Breach Follow-up |
Feb 12, 2012, 01:09 |
z0dd |
|
|
| I've given up any hope of secure information and just assume everything I transmit will eventually be available to hackers. I'm pretty sure at this point that storing your life's saving under your mattress is the safest way to protect your funds. |
|
|
|
|
|
|
|
| |
|
| 49. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 22:52 |
DrEvil |
|
|
avianflu wrote on Feb 11, 2012, 13:39:
DrEvil == We actually agree more than disagree if you read my post one more time. Look at the first sentence of my post.
But you are completely absolving _businesses_ of responsibility for consumer data stored on their servers?? Seriously ? That's not kosher for fairly obvious reasons.
No, and nowhere did I say that. But neither can anyone here claim that the business is responsible either without having the full facts in their possession.
*If* valve followed reasonable security procedures and kept their systems up-to-date, that's as much as can be asked for. So far, all indicators are that they did. |
|
|
|
|
|
|
|
| |
|
| 48. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 22:01 |
Mordecai Walfish |
|
|
avianflu wrote on Feb 11, 2012, 12:55:
I bought the boxed version of Skyrim and all it was was the steam installer on the disk. Joke on the consumer there. So steam got a credit card out of me.
Huh? I was not aware either Steam or Skyrim had a credit card requirement.. |
|
|
|
|
|
|
|
|
| Playing: MechWarrior Online, Natural Selection 2, PlanetSide 2, NFS: Hot Pursuit, Torchlight 2, Sine Mora, GTAIV, River City Ransom(NES), Final Fantasy IV Complete(PSP), Patapon 2(PSP), Dariusburst(PSP) |
|
|
|
|
| |
|
| 47. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 20:38 |
Dev |
|
|
zirik wrote on Feb 11, 2012, 19:16:
if the thief got into their backup database what makes you think they did not try to get the encryption keys to get past the hashed data? I think you need to review what a "hash" is. |
|
|
|
|
|
|
|
| |
|
| 46. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 19:30 |
Sepharo |
|
|
zirik wrote on Feb 11, 2012, 19:28:
Sepharo wrote on Feb 11, 2012, 19:17:
Where are you getting all this?
just comparing what we do to our backup database at work. nobody gets access to it other than the IT guys. and even then it has to be done at a specific terminal in the server room. on a system with full audit enabled to track all activity. no remote access allowed.
Everyone's infrastructure is just like yours.
Also I primarily meant where are you getting the info about what Valve does and does not know?
but it seems they have no idea who took it and with what credentials since they dont know how deep the damage goes. |
|
|
|
|
|
|
|
|
| [I'm not trolling I'm just] tossing stuff like that in there only to get your panties all bunched up. -TrollinThundr |
|
|
|
|
| |
|
| 45. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 19:29 |
Sepharo |
|
|
zirik wrote on Feb 11, 2012, 19:21:
avianflu wrote on Feb 11, 2012, 12:55:
Why is no one bringing up the infamous breach at Valve were Gabe's office desktop was hacked with a worm that Gabe himself inadvertently installed and left running for months? Thereby causing the theft of HL2 before release. Not a good precedent for Valve.
thats what i was thinking earlier when i thought hl2 came out in 2005. the source code theft forced valve to delay the release to late nov 2004. i got my copy through a graphics card bundle but the steam card wasnt mailed to me until jan 2005.
Steam card? I got mine through the ATI bundle as well and I just typed the key into Steam and got the preload. |
|
|
|
|
|
|
|
|
| [I'm not trolling I'm just] tossing stuff like that in there only to get your panties all bunched up. -TrollinThundr |
|
|
|
|
| |
|
| 44. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 19:28 |
zirik |
|
|
Sepharo wrote on Feb 11, 2012, 19:17:
Where are you getting all this?
just comparing what we do to our backup database at work. nobody gets access to it other than the IT guys. and even then it has to be done at a specific terminal in the server room. on a system with full audit enabled to track all activity. no remote access allowed. |
|
|
|
|
|
|
|
| |
|
| 43. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 19:21 |
zirik |
|
|
avianflu wrote on Feb 11, 2012, 12:55:
Why is no one bringing up the infamous breach at Valve were Gabe's office desktop was hacked with a worm that Gabe himself inadvertently installed and left running for months? Thereby causing the theft of HL2 before release. Not a good precedent for Valve.
thats what i was thinking earlier when i thought hl2 came out in 2005. the source code theft forced valve to delay the release to late nov 2004. i got my copy through a graphics card bundle but the steam card wasnt mailed to me until jan 2005. |
|
|
|
|
|
|
|
| |
|
| 42. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 19:17 |
Sepharo |
|
|
zirik wrote on Feb 11, 2012, 19:14:
the intruders were probably using credentials of someone from valve to access the database. what would be interesting to know is does valve regularly check who retrieves backup files. if they were careful that backup database should have been on a separate system with full audit enabled. but it seems they have no idea who took it and with what credentials since they dont know how deep the damage goes.
Where are you getting all this? |
|
|
|
|
|
|
|
|
| [I'm not trolling I'm just] tossing stuff like that in there only to get your panties all bunched up. -TrollinThundr |
|
|
|
|
| |
|
| 41. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 19:16 |
zirik |
|
|
Dev wrote on Feb 11, 2012, 13:36:
avianflu wrote on Feb 11, 2012, 12:55:
Let's NOT leave Valve off the hook: every time there is a credit card breach in the news Good news then. It was just salted hashes they got in the credit card category. Unlike sony that stored everything in PLAIN TEXT.
if the thief got into their backup database what makes you think they did not try to get the encryption keys to get past the hashed data? |
|
|
|
|
|
|
|
| |
|
| 40. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 19:14 |
zirik |
|
|
alvador wrote on Feb 11, 2012, 09:19:
From the email I received:
We've recently learned that it is probable that in 2009 the intruders obtained a copy of a database with information about Steam transactions between 2004 and 2008. So, it WAS 3 years ago that the data was stolen, and that data was 4-8 years old (or, 1-5 years old at the time it was stolen). It became obvious to everyone that something had happened in Nov 2011- what's not clear is how soon Valve knew something had happened.
edit- Re-reading the email they say they became aware of it on Nov 6 2011. So, it apparently took the intruders 2 years to do something with the database.
the intruders were probably using credentials of someone from valve to access the database. what would be interesting to know is does valve regularly check who retrieves backup files. if they were careful that backup database should have been on a separate system with full audit enabled. but it seems they have no idea who took it and with what credentials since they dont know how deep the damage goes. |
|
|
|
|
|
|
|
| |
|
| 39. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 13:39 |
avianflu |
|
|
DrEvil == We actually agree more than disagree if you read my post one more time. Look at the first sentence of my post.
But you are completely absolving _businesses_ of responsibility for consumer data stored on their servers?? Seriously ? That's not kosher for fairly obvious reasons.
|
|
|
|
|
|
|
|
| |
|
| 38. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 13:36 |
Dev |
|
|
avianflu wrote on Feb 11, 2012, 12:55:
Let's NOT leave Valve off the hook: every time there is a credit card breach in the news Good news then. It was just salted hashes they got in the credit card category. Unlike sony that stored everything in PLAIN TEXT. |
|
|
|
|
|
|
|
| |
|
| 37. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 12:58 |
nin |
|
|
Let's NOT leave Valve off the hook: every time there is a credit card breach in the news, it _is_ the fault of the company in some manner of lax security with passwords/breadth of access to internal users/encryption.
I don't think anyone's leaving them off the hook, but there is no full proof security system (like someone wanted at the beginning), and they at least made a better effort than sony did.
|
|
|
|
|
|
|
|
|
RollinThundr Apr 17, 2013, 12:25: Eh really tossing stuff like that in there only to get your panties all bunched up. If you really want to call that trolling sure.
Mr. Tact Apr 17, 2013, 12:33: Pretty sure that's the definition of trolling... |
|
|
|
|
| |
|
| 36. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 12:57 |
DrEvil |
|
|
avianflu wrote on Feb 11, 2012, 12:55:
Let's NOT leave Valve off the hook: every time there is a credit card breach in the news, it _is_ the fault of the company in some manner of lax security with passwords/breadth of access to internal users/encryption.
Bullcrap. If someone manages to hack into your computer, I bet you'd be singing a different tune. Do you know every single security vulnerability of every single component of your system? Do you have a patch for everyone? Guess freaking what; you don't. |
|
|
|
|
|
|
|
| |
|
| 35. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 12:55 |
avianflu |
|
|
It is 100% "buyer beware" every single time you use a credit card in any web-based scenario. Happy Thoughts.
Sony never got a credit card from me for the PS3 and boy am I thankful I was prudent on that one.
Sadly I finally joined Steam solely for Skyrim because there was no other option. I bought the boxed version of Skyrim and all it was was the steam installer on the disk. Joke on the consumer there. So steam got a credit card out of me.
Let's NOT leave Valve off the hook: every time there is a credit card breach in the news, it _is_ the fault of the company in some manner of lax security with passwords/breadth of access to internal users/encryption.
Why is no one bringing up the infamous breach at Valve were Gabe's office desktop was hacked with a worm that Gabe himself inadvertently installed and left running for months? Thereby causing the theft of HL2 before release. Not a good precedent for Valve. |
|
|
|
|
|
|
|
| |
|
| 34. |
Re: Steam Breach Follow-up |
Feb 11, 2012, 12:22 |
DrEvil |
|
|
Cutter wrote on Feb 11, 2012, 07:17:
Say sorry Gabe you fat fuck!
He already did; and seriously, what's with the bile? Did this kill your favourite pet or something? Life is too short to be such a jerk. |
|
|
|
|
|
|
|
| |
53 Replies. 3 pages. Viewing page 1.
< Newer [ 1 2 3 ] Older >
|
|
Twitter 
